Looney Tunables Vulnerability and its impact on SWARM

Problem

This is a local vulnerability: by passing a crafted GLIBC_TUNABLES environment variable, a local attacker can execute programs with elevated permissions.

The actual problem is in the Linux loader program “ld.so”: a user can elevate their permissions to root while running a program.

Impact on SWARM:

No impact on SWARM Storage, as it is a local runtime vulnerability related to permissions.

  1. This vulnerability is all about elevating a local user's permissions to admin level and executing a command or program as admin / root.

  2. Since it is a local vulnerability, the user must have access to the system shell. In our case, this is not possible on a production system because we don't have SSH and shell access, hence we are safe.

  3. On a debug system, shell and SSH are available; a local user can get into the system as root and doesn't need to elevate user permissions.

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

 

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.